AI Security Review
scanned 2h ago · by lpm-firewall-aiNo confirmed malicious attack surface is established. Importing provides a license-management SDK; explicit security APIs can hash caller-provided files and terminate the host on detected tampering.
Static reason
High-risk behavior combination matched malicious policy.
Trigger
Consumer imports the SDK and explicitly calls its client or security APIs.
Impact
Expected licensing and anti-tamper behavior; no unconsented install-time or persistence behavior found.
Mechanism
Configured license API requests and opt-in runtime integrity checks.
Rationale
Direct inspection shows an obfuscated but package-aligned licensing SDK with no consumer install hook or concrete malicious chain. The scanner's protestware label is unsupported by the inspected source.
Evidence
package.jsonREADME.mddist/index.d.tsdist/index.jsdist/index.mjs
Decision evidence
public snapshotAI called this Clean at 86.0% confidence as Benign with medium false-positive risk.
Evidence for block
- `dist/index.js` and `dist/index.mjs` are heavily obfuscated.
- `dist/index.d.ts` exposes opt-in anti-debug and integrity functions that can terminate the host process when enabled.
Evidence against
- `package.json` has only publisher-side `prepublishOnly`, with no install-time hook.
- No child-process, shell, eval, or package file-write primitive was found in the inspected bundle.
- `readFileSync` in `dist/index.mjs` hashes caller-supplied paths for the documented integrity baseline.
- Network requests use `fetch` for the documented license API configured by the consumer.
- `README.md` and declarations consistently describe license, HWID, update, and opt-in protection features.
- No credential harvesting, exfiltration endpoint, persistence, destructive action, or AI-agent configuration mutation was found.
Behavioral surface
DynamicRequire
MinifiedProtestwareTrivial
Source & flagged code
1 flagged · loading sourcedist/index.jsView file
1'use strict';(function(d,e){const oS={d:0x65,e:0x61c,f:0x120,g:0x494,h:0x451,i:'\x4e\x5e\x6f\x66',j:0x79d,k:0x566,l:0x4,m:0x601,n:'\x51\x49\x64\x33',o:0xf0b,p:0xdc7,q:0xd2c,r:0xb98...
Medium
Dynamic Require
Package source references dynamic require/import behavior.
dist/index.jsView on unpkg · L1Findings
1 Critical1 Medium2 Low
CriticalProtestware
MediumDynamic Requiredist/index.js
LowNon Install Lifecycle Scripts
LowScripts Present